/*
 * Copyright (c) 2025 Industrial Software Feature Database
 */
package com.comac.ins.monitor.admin.config;

import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

/**
 * admin 监控 安全配置
 *
 * @author Lion Li
 */
@EnableWebSecurity
@Configuration
public class SecurityConfig {
//
//    private final String adminContextPath;
//
//    public SecurityConfig(AdminServerProperties adminServerProperties) {
//        this.adminContextPath = adminServerProperties.getContextPath();
//    }
//
//    @Bean
//    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
//        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
//        successHandler.setTargetUrlParameter("redirectTo");
//        successHandler.setDefaultTargetUrl(adminContextPath + "/");
//
//        return httpSecurity
//            .headers((header) ->
//                header.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
//            .authorizeHttpRequests((authorize) ->
//                authorize.requestMatchers(
//                        new AntPathRequestMatcher(adminContextPath + "/assets/**"),
//                        new AntPathRequestMatcher(adminContextPath + "/login"),
//                        new AntPathRequestMatcher("/actuator"),
//                        new AntPathRequestMatcher("/actuator/**")
//                    ).permitAll()
//                    .anyRequest().authenticated())
//            .formLogin((formLogin) ->
//                formLogin.loginPage(adminContextPath + "/login").successHandler(successHandler))
//            .logout((logout) ->
//                logout.logoutUrl(adminContextPath + "/logout"))
//            .httpBasic(Customizer.withDefaults())
//            .csrf(AbstractHttpConfigurer::disable)
//            .build();
//    }

    private final String adminContextPath;

    public SecurityConfig(AdminServerProperties adminServerProperties) {
        this.adminContextPath = adminServerProperties.getContextPath();
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // 允许所有请求无需认证
            .authorizeHttpRequests(authorize -> authorize
                .anyRequest().permitAll()
            )
            // 配置帧选项
            .headers(headers -> headers
                // 允许iframe嵌入
                .frameOptions(frameOptions -> frameOptions.disable())
            )
            // 禁用CSRF保护
            .csrf(csrf -> csrf.disable())
            // 禁用HTTP基本认证
            .httpBasic(httpBasic -> httpBasic.disable())
            // 禁用表单登录
            .formLogin(formLogin -> formLogin.disable());

        return http.build();
    }
}
